Posted on

CVE-2014-2651 (openscape_desk_phone_ip_35g_eco_firmware, openscape_desk_phone_ip_35g_firmware, openscape_desk_phone_ip_55g_firmware, openstage_15_firmware, openstage_15_g_firmware, openstage_20_e_firmware, openstage_20_firmware, openstage_20_g_firmware, openstage_40_firmware, openstage_40_g_firmware, openstage_60_firmware, openstage_60_g_firmware, openstage_80_firmware, openstage_80_g_firmware)

Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface

Posted on

WP Security Audit Log Plugin 3.1.1 on WordPress information disclosure

A vulnerability was found in WP Security Audit Log Plugin 3.1.1 on WordPress (WordPress Plugin) and classified as problematic. This issue affects some unknown functionality of the file wp-content/uploads/wp-security-audit-log/. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Posted on

CVE-2014-2271 (p2-6011_firmware, wps_office)

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.